In my last post, I spoke about the Internet of Things (IoT) in terms of trust, security and privacy at a high level. Here, I will take a deeper dive in terms of how IoT security and privacy can impact an ecosystem interconnect.

When we talk about IoT, we think about the process we implement as we migrate to sensor-driven infrastructure for automated processes.

Looking at economies and technology ramp-up trends from a financial perspective, we will expect that there with be standardization around policies and processes, as well as implementing interfaces that are expected to connect sensors to networks, platforms, and application systems, or a combination of services.

It can all appear to be complex and large scale, especially in the borderless world of IoT. However, if as security and privacy professionals we ask ourselves, “What are the major areas we should focus on?,” my perspective is that we will have to look at:

Device security and settings

Security device and system physical access (IAM)

Securing our communication network systems

Dealing with the large volume of data we will have to process, leveraging big data analytics, risk scoring and criticality metrics aligned to a system, user privilege, and the business functionality.

IoT PriSec ModelThe team at The Cyber Policy and Security Governance Institute have been developing an IoT PriSec Model. This model:

Combines best of breed practices based on network, system and application security, which integrates functionality to meet data security lifecycle expectations as well as data privacy requirements for in-border and cross-border migrations.

Is built on the premise that an IoT infrastructure ecosystem consists of a self-healing, secure network infrastructure and systems that exfiltrates data for analysis from system-system connects and sub-system interactions. This system will have a big data capability to build an analysis of permitted, potentially dangerous and malicious activities, allowing for event-driven capabilities, driving a mindset of adaptive security.

Will be further enhanced to adapt to blockchain technologies.

Integrates privacy definitions that are tied into the IAM and privilege access management which is tightly tracked and auditable.

Promotes an effective combination of cryptography and smart analytics integrated into sensor security mechanisms which can quickly assess, measure and score attack attempts and attack paths for smart attack detection.

One area that will have an impact on IoT environments, given that the growth of cloud and big data are enablers of IoT, is that of unikernel security.